MEF Introduces SASE Standard, Zero-trust Framework

MEF, a global industry association of network, cloud and technology providers accelerating enterprise digital transformation, has published a secure access service edge (SASE) standard defining SASE service attributes, a framework and common definitions, and a zero-trust framework that allows organizations to implement dynamic policy-based actions to secure network resources for faster decision making and implementation for enterprises.

MEF’s SASE standard aligns stakeholders on common terminology and service attributes when buying, selling, and delivering SASE services, and makes it easier to interface policy with security functions for cloud-based cybersecurity from anywhere.

MEF’s zero-trust framework defines service attributes to enable service providers to implement and deliver a range of services that comply with zero-trust principles.

According to the July 2022 SASE & SD-WAN 5-Year Forecast Report from Dell’Oro Group, the SASE-related technologies market will exceed $13 billion by 2026. SASE has gained traction due to its work-from-anywhere cloud approach to security and networking. The MEF SASE service standard and zero-trust framework have been developed by top managed security and service providers to make it easier to bring to market robust, easy-to-understand, easy-to-manage SASE services for the enterprise. The new standards include:

  • SASE Service Attributes and Service Framework StandardThis standard specifies service attributes to be agreed upon between a service provider and a subscriber for SASE services, including security functions, policies and connectivity services. The standard defines the behaviors of the SASE service that are externally visible to the subscriber irrespective of the implementation of the service. A SASE service based upon the framework defined in the standard enables secure access and secure connectivity of users, devices, or applications to resources for the subscriber. MEF’s SASE standard (MEF 117) includes SASE service attributes and a SASE service framework.
  • Zero Trust Framework for MEF Services – The new Zero Trust Framework for MEF Services (MEF 118) defines a framework and requirements of identity, authentication, policy management, and access control processes that are continuously and properly constituted, protected, and free from vulnerabilities when implemented and deployed. This framework also defines service attributes, which are agreed between a subscriber and service provider, to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.

“With SASE still at an early stage and generating confusion, I applaud MEF’s standardization efforts. In the near-term, they are contributing vocabulary and aligning conceptual frameworks that are vital to getting the industry to rally behind common, interoperable approaches,” said Mauricio Sanchez, Research Director for Network Security & SASE/SD-WAN research at Dell’Oro Group. “In the long-term, I see the resulting standards help make multi-vendor SASE a reality and accelerate overall adoption.”

“Enterprises are challenged to compare feature sets and solutions when selecting SD-WANSSE, and SASE services, including Zero Trust Network Access, which can result in incomplete service offerings that don’t meet needs and expectations. At the same time, service providers want to offer a complete, unified SASE service that includes networking and security under a single pane of glass,” said Pascal Menezes, MEF Chief Technology Officer. “MEF’s new SASE standard and Zero Trust framework, firsts in the industry, provide clarity and simplify the selection of SASE managed services for enterprises. MEF-based SASE services allow organizations to make choices based on industry-standard service attributes, frameworks, and common definitions which allow for easier evaluation and faster decision-making and implementation. On behalf of MEF, I would like to thank all the members who worked tirelessly to progress these efforts for the benefit of the entire industry.”

MEF also offers technical training on SD-WAN and related security for professionals through its MEF-SDCP certification.

For more information visit MEF.net.